Case Study of Cyber Security in Pharma Company
Cyber Security in Pharmaceutical Industry
Challenge
A pharmaceutical company approached us with a case of data breach. They already had reason to believe it was an ex-management employee who had deleted several of their important documents, but they had no proof to be absolutely sure.
Solution
Upon being hired, our first order of business was to examine the employee’s laptop and email logs, as well as the firewall and end user walls. We performed a complete threat analysis to check for any other potential threats, and a behavioral analysis that involved checking the timestamps of all of this employee's physical and network activity. Our team also performed open source intelligence analysis to identify and analyze his online presence and activities.
Our private forensic investigation showed that much was out of place from a security point of view. The client's cyber security infrastructure consisted of only certain basic controls, such as an antivirus and a small firewall.
As for the specific problem at hand, we found that while the employee was serving his notice period, he had been taking his work laptop home and accessing the same documents every night. It was proven beyond doubt that this employee had in fact deleted those documents.
Our findings led our client to believe that there was a dire need for them to have a proper set of cyber security policies in place. As our next step, we helped the firm do exactly that through:
- the creation of a centralized documentation system,
- ensuring proper log monitoring,
- setting up a centralized threat lock within their management system,
- introducing a data loss prevention (DLP) solution to ensure an alert is generated every time an employee tries to send a work document outside the network, as well as
- implementing ISO20001, an international cyber security standard, specifically for their international clients.
We also realized that the real challenge was not putting these controls in place, but getting the firm’s employees to break out of their old practices and start applying the new policies on a regular basis. To make this shift easier and more seamless for them, we held special training sessions, making them aware of this one-time incident, its impact, and how they could easily prevent it in the future by having proper controls in place. We trained them on both reactive and proactive management of threats, thereby making the firm more secure against any possible security threats.
Outcome
While most organizations wait for an incident to happen, the efforts put in by Cyber Octet and the trust put in us by the client ensured that:
- The risk of data loss through human error was minimized.
- Data sharing was now more secure.
- No employee could just leave the premises and take intellectual property with them.
- Remote file access was revoked.
- Administrative burden was reduced.
We thus ensured that such an incident never happens again with our client.